Releases: utmstack/UTMStack

v11.2.3

11 Feb 18:43
1d23339

Release Notes for UTMStack v11.2.3

In this release, we've introduced several new features and improvements to enhance your experience with UTMStack. We've also addressed some bugs to ensure smoother operation.

What's New

  • Added enhanced log parsing capabilities for VMware and Netflow filters.
  • Introduced updates for Microsoft 365 and SonicWall filters for better integration.
  • Added support for new Cisco filter updates, including Cisco ASA and Meraki.
  • Updated the UTMStack filter configuration to version 3.0.5.

Improved

  • Enhanced sorting in the asset view to prioritize asset status and last input.
  • Improved error handling and response mapping for module configuration validation.
  • Enhanced configuration encryption to support file data types.
  • Updated layout styles for the API documentation component for better clarity.

Fixed

  • Resolved issues with cloud region URL parsing for CrowdStrike configuration.
  • Fixed timestamp handling in correlation rules and logstash filter services.
  • Improved validation checks for alert targets and log objects.
  • Cleaned up alert detail view logic and HTML formatting for better readability.

EventProcessor Changelog

Features

  • Log Pusher: Added support for Unix socket-based log pushing.
  • Log Pusher: Added UUID generation to log entries for improved tracking.
  • Plugins: Added UUID to alert payloads for better identification.
  • Reliability: Implemented a circuit breaker for rule evaluation failures to prevent system instability.

Bug Fixes

  • Feeds: Fixed analyze function to return immediately for denied, blocked, or failed actions.
  • Log Pusher: Improved error handling when closing connections.
  • Memory Management: Fixed memory release issue after successful queue registration.
  • Feeds: Added playground mode check and improved error handling.

Enhancements & Refactoring

  • Plugins (CEL): Optimized rule reloading with change detection and state tracking.
  • Plugins (CEL): Unified error handling for rule processing and correlation evaluation.
  • Plugins (CEL): Refactored rule processing logic and modularized key functions.
  • Plugins (General): Renamed analysis plugin to cel and updated build paths.
  • Rule Management: Added support for tenant-specific and global rule disabling; refactored rule indexing.
  • Rule Properties: Updated rule properties for better categorization and technique details.
  • Configuration: Updated NewDynamicSourceManager to handle nil configuration gracefully.

Build & Maintenance

  • Build System: Added log-pusher and opensearch-fetcher binaries to Dockerfile and build artifacts.
  • Build System: Fixed Dockerfile paths for plugins directory.
  • Cleanup: Removed deprecated plugin configuration files.
  • Cleanup: Removed unused libraries and deprecated integration_test.go files.

Documentation

  • Plugins: Added comprehensive README for the CEL analysis plugin.
  • General: Added links to the official wiki for detailed implementation guides.

Dependency Updates

  • Go SDK: Upgraded github.com/threatwinds/go-sdk to v1.1.14 across all modules.
  • Genproto: Updated google.golang.org/genproto to latest versions.
  • Modules: Updated dependencies and enhanced error handling (added delays).

We hope you enjoy the new features and improvements in this release!


Full Changelog: v11.2.2...v11.2.3

v11.2.2

29 Jan 19:45
a1d5f19

UTMStack v11.2.2 Release Notes

In this release, we've introduced several new features and improvements to enhance your experience with UTMStack. This update focuses on better log analysis, improved visualization tools, and enhanced alert management.

What's New

  • Added support for SQL queries in LogExplorer, allowing for more flexible data retrieval.
  • Introduced new filters for Azure and GCP, improving log analysis capabilities.
  • Enhanced the LogExplorer with custom keyword suggestions for easier search.
  • Implemented a new adversary management module, providing better insights and control over alerts.

Improved

  • Updated Azure correlation rules for more accurate threat detection.
  • Enhanced the visualization creation flow with improved UI elements and validation.
  • Improved error handling and user experience in the log handling and display logic.
  • Enhanced the SAML and OIDC authentication processes with additional fields and validation.

Fixed

  • Resolved issues with log analysis filters for better accuracy in data retrieval.
  • Fixed bugs affecting the display of alert properties and improved layout consistency.
  • Corrected problems with alert management, including false positive tagging and alert status updates.
  • Addressed various bugs related to user authentication and login processes.

This release brings valuable enhancements to your UTMStack experience, making it easier to manage threats and analyze logs effectively.


Full Changelog: v11.2.1...v11.2.2

v11.2.1

23 Jan 14:16
46e01d7

Release Notes for UTMStack v11.2.1

In this release, we've introduced several new features and improvements to enhance your experience with UTMStack. We've also addressed some bugs to ensure smoother operation.

What's New

  • Added integration tests for deduplication and grouping logic in alerts.
  • Introduced a new CrowdStrike plugin to collect and process security events from the CrowdStrike Falcon platform.
  • Enhanced PDF generation with improved response handling and error management.
  • Implemented sorting by last input in the assets view for better data organization.
  • Added filter options to exclude false positive alerts in the alert management system.
  • Enhanced configuration handling with version type support for better management.

Improved

  • Enhanced rule filters with status and formatting options for better usability.
  • Improved error handling in various features to provide clearer messages and better user guidance.
  • Updated AWS CloudWatch Logs streaming with dynamic configuration handling.
  • Enhanced SQL query suggestions in the code editor with limits and aggregation examples for easier querying.

Fixed

  • Resolved issues with incorrect cursor behavior in the SQL Query Editor.
  • Fixed PDF loading conditions to reduce waiting time and improve user experience.
  • Updated log detail terminology for clarity in application logs.
  • Corrected component naming and updated routing in email settings for better functionality.
  • Improved loading state handling and time filter management in compliance exports.

We hope you enjoy the new features and improvements in this release!


Full Changelog: v11.2.0...v11.2.1

v11.2.0

12 Jan 17:30
1e624aa

UTMStack 11.2.0 – Release Notes

The UTMStack v11.2.0 release introduces key enhancements, new integrations, and important fixes to improve system stability, performance, and user experience.

Improvements & Fixes

  • Enhanced AWS integration with updated setup guides and improved log processing reliability.
  • Added CrowdStrike Falcon integration for advanced threat detection and response.

v11.1.8

07 Jan 19:31
a1c619c

UTMStack 11.1.8 – Release Notes

The UTMStack v11.1.8 update delivers important fixes and usability improvements to enhance stability and user experience.

Improvements & Fixes

  • Improved AWS integration: updated setup guides and more reliable log processing.

v11.1.7

07 Jan 07:48
003345d

UTMStack 11.1.7 – Release Notes

The UTMStack v11.1.7 update delivers important fixes and usability improvements to enhance stability and user experience.

Improvements & Fixes

  • Improved AWS integration: updated setup guides and more reliable log processing.

v11.1.6

02 Jan 19:20
d06848a

UTMStack 11.1.6 – Release Notes

The UTMStack v11.1.6 update delivers important fixes and usability improvements to enhance stability and user experience.

Improvements & Fixes

  • Enhanced Threat and Windows activity dashboards with new filters and aggregations for better data analysis.
  • Improved email notifications for alerts, providing clearer information and enhanced formatting for better user experience.

v11.1.5

22 Dec 17:37
5f17d81

UTMStack 11.1.5 – Release Notes

The UTMStack v11.1.5 update delivers important fixes and usability improvements to enhance stability and user experience.

Improvements & Fixes

  • Standardized utm_visualization field names by replacing legacy O365 keys with new conventions.
  • Enhanced responsive behavior for TFA enrollment components based on viewport height.

v11.1.4

22 Dec 11:50
02447d5

UTMStack 11.1.4 – Release Notes

The UTMStack v11.1.4 update delivers important fixes and usability improvements to enhance stability and user experience.

Improvements & Fixes

  • Refined the styling of download links to improve clarity and accessibility.
  • Resolved a syntax error in the UTMStack installation command, ensuring smoother setup.
  • Corrected the display of pipeline card statuses and improved accuracy of event processing counts.

v10.9.4-202512181017

18 Dec 15:18
4e362e1

UTMStack 10.9.4 Release Notes

– Visual adjustments applied to the SOC AI Integration to ensure consistent behavior and user interaction.
– Updated the header component to improve version visibility and overall UI consistency.